| From: | Nicolas Kowalski <Nicolas(dot)Kowalski(at)imag(dot)fr> |
|---|---|
| To: | Curt Sampson <cjs(at)cynic(dot)net> |
| Cc: | pgsql-general(at)PostgreSQL(dot)org |
| Subject: | Re: passwords and 7.3 |
| Date: | 2003-01-27 14:47:33 |
| Message-ID: | vqobs22wsxm.fsf@imag.fr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Curt Sampson <cjs(at)cynic(dot)net> writes:
> I know it's a bunch of programming work, but if you use "unencrypted"
> passwords (i.e., crypt-style rather than MD5) for the users in the db,
> could you not write a program that reads the pg_user table directly, and
> then updates those passwords that need updating?
Currently, our external password file looks like this :
kowalski:<crypted-password-here>
...
phppgadmin:+
webcalendar:+
...
And so on. Regular Unix users have their passwords set from the NIS
passwd database (standard crypt method), and PostgreSQL-specific users
have their passwords defined in pg_shadow (no encryption there). This
last use prevents us from using PAM-style authentication I presume.
The pg_hba config file contains the following line :
host all <network-address> 255.255.255.0 password passwd
If the passwords are stored in their "crypt form" in pg_shadow, yes I
can write such a script, then call it through cron; but as I
understand the docs, passwords are stored using MD5 method, which
makes all our passwords unusable, am I wrong ?
--
Nicolas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Johann Uhrmann | 2003-01-27 15:01:59 | Getting results from a dynamic query in PL/pgSQL |
| Previous Message | Tom Lane | 2003-01-27 14:24:30 | Re: required rights for PGDATA |